29 matches found

CNNVD
added 2023/01/26 12:0 a.m., 9 views

Jenkins Plugin Keycloak Authentication Cross-Site Request Forgery Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 6.5, AI score 6.5, EPSS 0.01
Exploits: 0, References: 2

Positive Technologies
added 2023/01/24 12:0 a.m., 3 views

PT-2023-19617 · Jenkins · Jenkins Keycloak Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Keycloak Authentication Plugin versions 2.3.0 and earlier. Description: A cross-site request forgery (CSRF) issue allows attackers to trick users into logging in to the attacker's account. This can be achieved by exploiting the login...

CVSS 6.5, AI score 6.6, EPSS 0.01
Exploits: 0, References: 5

Positive Technologies
added 2023/01/24 12:0 a.m., 3 views

PT-2023-19616 · Jenkins · Jenkins Keycloak Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Keycloak Authentication Plugin versions 2.3.0 and earlier. Description: The issue arises because the plugin does not invalidate the previous session on login, which could lead to security concerns. Recommendations: For versions 2.3.0 a...

CVSS 9.8, AI score 9.3, EPSS 0.01206
Exploits: 0, References: 4

Vulnrichment
added 2023/01/24 12:0 a.m., 5 views

CVE-2023-24457

A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...

AI score 7.1, EPSS 0.01
Exploits: 0, References: 1

CVE
added 2023/01/24 12:0 a.m., 87 views

CVE-2023-24457

CVE-2023-24457 describes a CSRF vulnerability in the Jenkins Keycloak Authentication Plugin (versions

CVSS 6.5, AI score 6.4, EPSS 0.01
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2023/01/24 12:0 a.m., 90 views

CVE-2023-24456

CVE-2023-24456 affects Jenkins Keycloak Authentication Plugin 2.3.0 and earlier. The issue: login does not invalidate the previous session, enabling session fixation. Impact noted as high/critical (CVSS 3.1 base 9.8). Affected versions: 2.3.0 and earlier. Remediation guidance in connected docs: u...

CVSS 9.8, AI score 9.4, EPSS 0.01206
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/01/24 12:0 a.m., 30 views

CVE-2023-24457

A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...

AI score 6.7, EPSS 0.01
Exploits: 0, References: 1

Cvelist
added 2023/01/24 12:0 a.m., 25 views

CVE-2023-24456

Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login...

AI score 9.8, EPSS 0.01206
Exploits: 0, References: 1

Tenable Nessus
added 2023/01/24 12:0 a.m., 66 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.7 Multiple Vulnerabilities (CloudBees Security Advisory 2023-01-24)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.7. It is, therefore, affected by multiple vulnerabilities including the following:
- Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
- CSRF...

CVSS 9.8, AI score 6.5, EPSS 0.01314
Exploits: 0, References: 39